When it comes to cyber security, especially phishing\/spear phishing, what you don't know (and\/or ignore) can hurt you and your organization. The total annual cost of phishing for the average-sized organization is estimated to be $3.77 million, most of which is due to the loss of employee productivity. The costs associated with intellectual property theft are considerably higher, $538 billion a year.\nNobody Is Immune:\n\nFive out of every six large companies (2,500+ employees) were targeted with spear-phishing attacks in 2014, a 40% increase over the previous year\nSmall- and medium-sized businesses saw an uptick too, with attacks increasing 26% and 30%, respectively\nNon-targeted attacks, which make up the majority of malware, increased by 26%\nMore than 317 million new pieces of malware were created last year, meaning nearly one million new threats were released daily\n\nThe bad news is that less than 20% of IT leaders are confident their colleagues have been sufficiently schooled to avoid being \u201ccaught\u201d in a phishing attack. That's with good reason: 55% of all security attacks in 2014 were carried out by either malicious insiders or inadvertent actors, and over 95% of breaches caused by insiders are caused by human error.\nThe good news is that these and other attacks can be mitigated with employee awareness and bolstered with the appropriate training, procedures, and policies. Here are six of the top tips for better securing your workplace:\nTip #1: Security! Security! Security!\nStart with a security program that is clear and concise, with policies and procedures that are communicated to employees, partners, and everybody else with access to corporate information. Revise your policies and procedures on an ongoing basis, because the threat environment is changing on an ongoing basis.\nTip #2: Train and Test\nEmployees need to be trained about the organization\u2019s security policies and procedures, and they should be tested on a regular basis to ensure that their knowledge is up-to-date.\nTip #3: Password Management\nDeveloping good password management skills is critical in today\u2019s connected world, both at work and at home.\nTip #4: Patches (and Updates)\nSecurity is a moving target, with new threats and vulnerabilities occurring at a rapid pace, so ensuring that patches and updates are applied on a regular basis is absolutely essential.\nTip #5: Security Is Not a One-Time, One-Person Activity\nEverybody needs to be aware of proper security policies, procedures and their daily use, and must be active in ensuring a secure workplace.\nTip #6: Probe Your Defenses\nConduct periodic penetration testing\u2014especially phishing and social engineering testing\u2014to measure your success at raising awareness.